11-07-2022 05:48 AM
Hello,
We are in the process of migrating from our 5508 WLCs to new Catalyst 9800-40-K9 WLCs. Everything has been configured but I am having a difficult time with the Smart Licensing configuration. I've set up the trust between our device and CSSM, and there are no firewall policies blocking the communication. I have 433 Aironet DNA Essnetials Term Licenses available as well. Looking for assistance on this as TAC has been kind of slow to respond.
Thanks!
11-07-2022 07:51 AM - edited 11-07-2022 07:52 AM
Catalyst 9800-40-K9 WLC registering with CSSM on prem ?
how is your config show on cat 9800 and what is the failure reason ?
post :
show license status
show license all
make sure you have right interface to connect CSSM
ip http client source-interface VXXXX
11-07-2022 08:40 AM
Hi BB,
Thanks for the reply.
According to the logs (and the GUI), the licensing trust configuration was successful:
Nov 7 07:22:28: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair has been generated or imported by SLA-KeyPair
Nov 7 07:22:28: %SMART_LIC-6-TRUST_INSTALL_SUCCESS: A new licensing trust code was successfully installed on P:C9800-40-K9,S:TTM2608030W.
Nov 7 07:22:28: %CRYPTO_ENGINE-5-KEY_DELETED: A key named SLA-KeyPair has been removed from key storage
Nov 7 07:22:28: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair has been generated or imported by SLA-KeyPair
Nov 7 07:22:28: %SMART_LIC-6-TRUST_INSTALL_SUCCESS: A new licensing trust code was successfully installed on P:C9800-40-K9,S:TTM2607024D.
Here is the "show license status" command you requested:
LAS-WLC01-9800-D-B1F1R03.05-29# show license status
Utility:
Status: DISABLED
Smart Licensing Using Policy:
Status: ENABLED
Data Privacy:
Sending Hostname: yes
Callhome hostname privacy: DISABLED
Smart Licensing hostname privacy: DISABLED
Version privacy: DISABLED
Transport:
Type: Smart
URL: https://smartreceiver.cisco.com/licservice/license
Proxy:
Not Configured
Policy:
Policy in use: Merged from multiple sources.
Reporting ACK required: yes (CISCO default)
Unenforced/Non-Export Perpetual Attributes:
First report requirement (days): 365 (CISCO default)
Reporting frequency (days): 0 (CISCO default)
Report on change (days): 90 (CISCO default)
Unenforced/Non-Export Subscription Attributes:
First report requirement (days): 90 (CISCO default)
Reporting frequency (days): 90 (CISCO default)
Report on change (days): 90 (CISCO default)
Enforced (Perpetual/Subscription) License Attributes:
First report requirement (days): 0 (CISCO default)
Reporting frequency (days): 0 (CISCO default)
Report on change (days): 0 (CISCO default)
Export (Perpetual/Subscription) License Attributes:
First report requirement (days): 0 (CISCO default)
Reporting frequency (days): 0 (CISCO default)
Report on change (days): 0 (CISCO default)
Miscellaneous:
Custom Id: <empty>
Usage Reporting:
Last ACK received: Oct 21 17:44:32 2022 PST
Next ACK deadline: <none>
Reporting push interval: 0 (no reporting)
Next ACK push check: <none>
Next report push: <none>
Last report push: Oct 21 17:39:15 2022 PST
Last report file write: <none>
Trust Code Installed:
Active: PID:C9800-40-K9,SN:TTM2608030W
INSTALLED on Nov 07 07:22:28 2022 PST
Standby: PID:C9800-40-K9,SN:TTM2607024D
INSTALLED on Nov 07 07:22:28 2022 PST
And "show license all":
LAS-WLC01-9800-D-B1F1R03.05-29#show license all
Smart Licensing Status
======================
Smart Licensing is ENABLED
Export Authorization Key:
Features Authorized:
<none>
Utility:
Status: DISABLED
Smart Licensing Using Policy:
Status: ENABLED
Data Privacy:
Sending Hostname: yes
Callhome hostname privacy: DISABLED
Smart Licensing hostname privacy: DISABLED
Version privacy: DISABLED
Transport:
Type: Smart
URL: https://smartreceiver.cisco.com/licservice/license
Proxy:
Not Configured
Miscellaneous:
Custom Id: <empty>
Policy:
Policy in use: Merged from multiple sources.
Reporting ACK required: yes (CISCO default)
Unenforced/Non-Export Perpetual Attributes:
First report requirement (days): 365 (CISCO default)
Reporting frequency (days): 0 (CISCO default)
Report on change (days): 90 (CISCO default)
Unenforced/Non-Export Subscription Attributes:
First report requirement (days): 90 (CISCO default)
Reporting frequency (days): 90 (CISCO default)
Report on change (days): 90 (CISCO default)
Enforced (Perpetual/Subscription) License Attributes:
First report requirement (days): 0 (CISCO default)
Reporting frequency (days): 0 (CISCO default)
Report on change (days): 0 (CISCO default)
Export (Perpetual/Subscription) License Attributes:
First report requirement (days): 0 (CISCO default)
Reporting frequency (days): 0 (CISCO default)
Report on change (days): 0 (CISCO default)
Usage Reporting:
Last ACK received: Oct 21 17:44:32 2022 PST
Next ACK deadline: <none>
Reporting push interval: 0 (no reporting)
Next ACK push check: <none>
Next report push: <none>
Last report push: Oct 21 17:39:15 2022 PST
Last report file write: <none>
Trust Code Installed:
Active: PID:C9800-40-K9,SN:TTM2608030W
INSTALLED on Nov 07 07:22:28 2022 PST
Standby: PID:C9800-40-K9,SN:TTM2607024D
INSTALLED on Nov 07 07:22:28 2022 PST
License Usage
=============
No licenses in use
Product Information
===================
UDI: PID:C9800-40-K9,SN:TTM2608030W
HA UDI List:
Active:PID:C9800-40-K9,SN:TTM2608030W
Standby:PID:C9800-40-K9,SN:TTM2607024D
Agent Version
=============
Smart Agent for Licensing: 5.0.14_rel/89
License Authorizations
======================
Overall status:
Active: PID:C9800-40-K9,SN:TTM2608030W
Status: NOT INSTALLED
Standby: PID:C9800-40-K9,SN:TTM2607024D
Status: NOT INSTALLED
Purchased Licenses:
No Purchase Information Available
With regard to the source interface, I am using the management interface:
ip http client source-interface GigabitEthernet0
Let me know if you need any additional information.
Thanks!
11-08-2022 09:34 AM
ip http client source-interface GigabitEthernet0
are you able to reach CSSM using this interface ?
11-08-2022 10:43 AM
Hi BB,
Are you referring to smartreceiver.cisco.com? If so, I cannot ping it or reach on the WLC or elsewhere.
Thanks!
11-08-2022 11:43 AM
if you registering cisco cloud smart license you need to able to reach smart license server 443 port to register device ?
do you have any FW between or any proxy ? ( WLC and cisco smartlicense cloud)
11-08-2022 03:51 AM
Is your WLC is in HA? If not I would recommend using the offline method SLR. Similar to license installation process in the past.
If you need smart licensing syncing to Cloud, then you need the DNS to work properly. Check from the WLC itself whether it can resolve the domains. Configure a name server by using the ip name-server command, and a domain lookup by using the ip domain-lookup command configured on the device to successfully resolve the FQDN. This must be enabled under the Mgmt-intf.
ip name-server vrf Mgmt-intf 8.8.8.8
ip domain-name vrf Mgmt-intf cisco.com
11-08-2022 05:04 AM
Hi Arshad,
Yes, our WLC is in HA (SSO). The name server and domain has been configured and has been working as expected. Results from a standard ping in the Mgmt-intf vrf:
LAS-WLC01-9800-D-B1F1R03.05-29#ping vrf Mgmt-intf cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.185, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/33 ms
Here is the relevant configuration:
ip name-server vrf Mgmt-intf 10.50.4.31 10.48.4.16
ip domain lookup vrf Mgmt-intf source-interface GigabitEthernet0
ip domain name vrf Mgmt-intf XXXX.com
!
crypto pki trustpoint TP-self-signed-2680778750
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2680778750
revocation-check none
rsakeypair TP-self-signed-2680778750
!
license udi pid C9800-40-K9 sn TTM2608030W
license smart url default
license smart url smart https://smartreceiver.cisco.com/licservice/license
license smart transport smart
I've also generated the token in SCCM and issue the "license smart trust idtoken <token> all force" command.
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide